J-Security Center

Title: A.ShopKart Multiple SQL Injection Vulnerabilities

Severity: HIGH

Description:

a.shopKart is a freely available shopping cart system. It is implemented in ASP and is available for Microsoft Windows operating systems.

a.shopKart is prone to multiple SQL injection vulnerabilities.

Due to insufficient sanitization of user-supplied input passed to SQL queries, it may be possible to manipulate the logic of SQL queries. Depending on the nature of the individual queries and the underlying database implementation, it may be possible to cause database corruption or disclose sensitive information from within the database.

Multiple instances of these vulnerabilities exist in the following scripts:

addcustomer.asp
addprod.asp
process.asp

It was reported that the "zip", "state", "country", "phone" and "fax" fields in the 'addcustomer.asp' script may allow for SQL injection. Further details about the other vulnerable scripts were not provided.

SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
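The flaw class described above, shown as an added example that is not a.shopKart's own code: the advisory does not publish the ASP source or schema, so the "customers" table, the allow-list patterns and the sample form below are assumptions, and Python with an in-memory SQLite database stands in for the ASP data layer. It contrasts a concatenated INSERT with a parameterized one for the five fields named for 'addcustomer.asp'.

```python
import re
import sqlite3

# Field names come from the advisory; table name and schema are hypothetical.
FIELDS = ("zip", "state", "country", "phone", "fax")
COLUMNS = ", ".join(FIELDS)

# Constructed allow-list patterns, one per field (assumed formats).
PATTERNS = {
    "zip": r"[A-Za-z0-9 -]{3,10}",
    "state": r"[A-Za-z .-]{2,30}",
    "country": r"[A-Za-z .-]{2,40}",
    "phone": r"[0-9+() .-]{5,20}",
    "fax": r"[0-9+() .-]{0,20}",
}

# Constructed form submission: the fax value closes the string literal
# and the VALUES tuple, then supplies a second tuple of its own.
SAMPLE_FORM = {"zip": "94105", "state": "CA", "country": "US",
               "phone": "555-0100", "fax": "0'), ('a','b','c','d','e"}

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (%s)" % COLUMNS)
    return db

def insert_concatenated(db, form):
    """Flawed pattern: field values are pasted into the SQL text."""
    values = ", ".join("'%s'" % form[f] for f in FIELDS)
    db.execute("INSERT INTO customers (%s) VALUES (%s)" % (COLUMNS, values))

def insert_parameterized(db, form):
    """Hardened pattern: values are bound parameters, never SQL text."""
    marks = ", ".join("?" for _ in FIELDS)
    db.execute("INSERT INTO customers (%s) VALUES (%s)" % (COLUMNS, marks),
               [form[f] for f in FIELDS])

def invalid_fields(form):
    """Names of fields whose value fails its allow-list pattern."""
    return [f for f in FIELDS if not re.fullmatch(PATTERNS[f], form.get(f, ""))]

def rows(db):
    return db.execute("SELECT %s FROM customers" % COLUMNS).fetchall()

if __name__ == "__main__":
    weak, safe = new_db(), new_db()
    insert_concatenated(weak, SAMPLE_FORM)
    insert_parameterized(safe, SAMPLE_FORM)
    print("concatenated rows: ", rows(weak))
    print("parameterized rows:", rows(safe))
    print("rejected by validation:", invalid_fields(SAMPLE_FORM))
```

With the concatenated statement, one submission changes what the INSERT does; with bound parameters the same value is stored as inert text, and the allow-list check rejects it before it reaches the database.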

Affected Products:

  • URLogy a.shop.Kart 2.0.3
